WP-Safety

Minify Javascript Security & Risk Analysis

wordpress.org/plugins/optimize-javascript

Minify and Optimize your Javascript by clicking one button and place it in the footer or header.

40 active installs v3.0 PHP + WP 4.1+ Updated Jan 2, 2018
compressjavascriptjsminifyminify-js
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Minify Javascript Safe to Use in 2026?

Generally Safe

Score 85/100

Minify Javascript has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "optimize-javascript" v3.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points, specifically three AJAX handlers lacking authentication checks. This creates a broad attack surface where malicious actors could potentially exploit these handlers without needing to be logged in or possess specific user roles. The presence of dangerous functions like `preg_replace(/e)`, `shell_exec`, and `exec` is also a major red flag, as these can be leveraged for arbitrary code execution if user-supplied input is not rigorously sanitized. Compounding these issues, the analysis indicates that 0% of outputs are properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. While the plugin has no recorded vulnerabilities or CVEs, this favorable history should not overshadow the immediate and severe risks identified in the static analysis. The lack of capability checks and nonces on the majority of entry points further exacerbates the security concerns. In conclusion, despite the absence of past vulnerabilities, the current version of "optimize-javascript" presents critical security risks that demand immediate attention. The combination of an exposed attack surface, dangerous functions, and unescaped output makes it a high-risk plugin.

Key Concerns

  • AJAX handlers without auth checks
  • Unescaped output
  • Dangerous functions (preg_replace(/e), shell_exec, exec)
  • No capability checks
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

Minify Javascript Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Minify Javascript Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
40
0 escaped
Nonce Checks
2
Capability Checks
0
File Operations
13
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

preg_replace(/e)preg_replace('/eincludes\minifier\minify\src\JS.php:328
shell_execif(!shell_exec('java -version 2>&1')) {includes\pfeiffersms-admin.php:360
exec@exec($cmd . ' 2>&1');includes\pfeiffersms-front.php:497

Output Escaping

0% escaped40 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
local_copy (includes\pfeiffersms-admin.php:438)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Minify Javascript Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

noprivwp_ajax_pfeiffersms-save-assetsincludes\pfeiffersms-admin-bar.php:42
authwp_ajax_pfeiffersms-save-assetsincludes\pfeiffersms-admin-bar.php:43
authwp_ajax_pfeiffersms-check-execincludes\pfeiffersms-admin.php:83
WordPress Hooks 19
actionadmin_bar_initincludes\pfeiffersms-admin-bar.php:48
actionwp_print_scriptsincludes\pfeiffersms-admin-bar.php:53
actionwp_headincludes\pfeiffersms-admin-bar.php:54
actionwp_footerincludes\pfeiffersms-admin-bar.php:55
actionwp_footerincludes\pfeiffersms-admin-bar.php:58
actionwp_enqueue_scriptsincludes\pfeiffersms-admin-bar.php:61
actionadmin_bar_menuincludes\pfeiffersms-admin-bar.php:62
actionadmin_noticesincludes\pfeiffersms-admin-notices.php:10
filterplugin_action_linksincludes\pfeiffersms-admin.php:85
actionadmin_enqueue_scriptsincludes\pfeiffersms-admin.php:86
actionadmin_menuincludes\pfeiffersms-admin.php:88
actionadmin_initincludes\pfeiffersms-admin.php:89
actioninitincludes\pfeiffersms-front.php:67
filterscript_loader_srcincludes\pfeiffersms-front.php:68
filterstyle_loader_srcincludes\pfeiffersms-front.php:69
actionwp_enqueue_scriptsincludes\pfeiffersms-front.php:93
actionwp_headincludes\pfeiffersms-front.php:94
actionwp_footerincludes\pfeiffersms-front.php:95
actionwp_print_stylesincludes\pfeiffersms-front.php:99
Maintenance & Trust

Minify Javascript Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 2, 2018
PHP min version
Downloads13K

Community Trust

Rating20/100
Number of ratings1
Active installs40
Alternatives

Minify Javascript Alternatives

Better WordPress Minify

Better WordPress Minify

bwp-minify

A
85

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs
WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

wp-super-minify

A
100

A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.

9K 1 CVE
WP Minify Fix

WP Minify Fix

wp-minify-fix

A
85

[Fixed] This plugin uses the Minify engine to combine and compress JS and CSS files to improve page load time.

1K No CVEs
WP Fast Minify

WP Fast Minify

wp-inline-js-converter

A
85

Compress HTML Code, And Converting Inline Script and Style To JavaScript and CSS Compressed File.

10 No CVEs
Asset CleanUp: Page Speed Booster

Asset CleanUp: Page Speed Booster

wp-asset-clean-up

A
89

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K 6 CVEs
Developer Profile

Minify Javascript Developer Profile

peterpfeiffer

2 plugins · 240 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Minify Javascript

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/optimize-javascript/assets/css/pfeiffersms.css/wp-content/plugins/optimize-javascript/assets/js/pfeiffersms.js
Script Paths
/wp-content/plugins/optimize-javascript/assets/js/pfeiffersms.js
Version Parameters
optimize-javascript/assets/css/pfeiffersms.css?ver=optimize-javascript/assets/js/pfeiffersms.js?ver=

HTML / DOM Fingerprints

CSS Classes
pfeiffersms-panelpfeiffersms-adminbar-infopfeiffersms-form
Data Attributes
id="pfeiffersms-panel"id="pfeiffersms-adminbar-info"id="pfeiffersms-form"id="pfeiffersms-adminbar-showinfo"
JS Globals
window.pfeiffersmsvar pfeiffersms
REST Endpoints
/wp-json/optimize-javascript/
FAQ

Frequently Asked Questions about Minify Javascript